|
|
@ -23,13 +23,13 @@ class Oauth2 extends Oauth2Controller {
|
|
|
|
const Policy = this.models.get('iam:Policy')
|
|
|
|
const Policy = this.models.get('iam:Policy')
|
|
|
|
const application = await Application.findOne({ oauth_client_ids: starship_client.id })
|
|
|
|
const application = await Application.findOne({ oauth_client_ids: starship_client.id })
|
|
|
|
if ( !application ) {
|
|
|
|
if ( !application ) {
|
|
|
|
this.output.warn('IAM Denial!')
|
|
|
|
this.output.warn(`IAM Denial: OAuth client not associated with an application: ${starship_client.id}`)
|
|
|
|
return this.Vue.auth_message(res, {
|
|
|
|
return this.Vue.auth_message(res, {
|
|
|
|
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
|
|
|
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
|
|
|
next_destination: '/dash',
|
|
|
|
next_destination: '/dash',
|
|
|
|
})
|
|
|
|
})
|
|
|
|
} else if ( !(await Policy.check_user_access(req.user, application.id)) ) {
|
|
|
|
} else if ( !(await Policy.check_user_access(req.user, application.id)) ) {
|
|
|
|
this.output.warn('IAM Denial!')
|
|
|
|
this.output.warn(`IAM Denial: User ${req.user.uid} not authorized to access application: ${application.id}`)
|
|
|
|
return this.Vue.auth_message(res, {
|
|
|
|
return this.Vue.auth_message(res, {
|
|
|
|
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
|
|
|
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
|
|
|
next_destination: '/dash',
|
|
|
|
next_destination: '/dash',
|
|
|
@ -54,13 +54,13 @@ class Oauth2 extends Oauth2Controller {
|
|
|
|
const Policy = this.models.get('iam:Policy')
|
|
|
|
const Policy = this.models.get('iam:Policy')
|
|
|
|
const application = await Application.findOne({ oauth_client_ids: starship_client.id })
|
|
|
|
const application = await Application.findOne({ oauth_client_ids: starship_client.id })
|
|
|
|
if ( !application ) {
|
|
|
|
if ( !application ) {
|
|
|
|
this.output.warn('IAM Denial!')
|
|
|
|
this.output.warn(`IAM Denial: OAuth client not associated with an application: ${starship_client.id}`)
|
|
|
|
return this.Vue.auth_message(res, {
|
|
|
|
return this.Vue.auth_message(res, {
|
|
|
|
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
|
|
|
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
|
|
|
next_destination: '/dash',
|
|
|
|
next_destination: '/dash',
|
|
|
|
})
|
|
|
|
})
|
|
|
|
} else if ( !(await Policy.check_user_access(req.user, application.id)) ) {
|
|
|
|
} else if ( !(await Policy.check_user_access(req.user, application.id)) ) {
|
|
|
|
this.output.warn('IAM Denial!')
|
|
|
|
this.output.warn(`IAM Denial: User ${req.user.uid} not authorized to access application: ${application.id}`)
|
|
|
|
return this.Vue.auth_message(res, {
|
|
|
|
return this.Vue.auth_message(res, {
|
|
|
|
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
|
|
|
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
|
|
|
next_destination: '/dash',
|
|
|
|
next_destination: '/dash',
|
|
|
|